- Our solution is 100% SaaS (Software as a Service) and based on a 3-tier system, built on the newest Microsoft technologies (.NET and SQL Server).
- Our system's front end is implemented following the MVC pattern using ASP.NET user controls and the AJAX Pro framework. AJAX is the art of exchanging data with a server, and updating parts of a web page without reloading the whole page.
- Using the AJAX framework, our clients are ensured optimal performance and immediate refresh of new data.
- Our Business logic layer uses .NET 4 Framework classes and LLBL Gen ORM framework for database access.
- Our numerous report possibilities are generated using GemBox Spreadsheet (Excel) and Microsoft ReportViewer (PDF) components.
- This enables our users to extract all event data, supplier data and multiple statistics from our system in a very smooth and user-friendly way.
- The entire application, including the login process, is secured with SSL.
The system is protected against malicious attempts to gain access.
- User accounts are locked down if 3 incorrect attempts are made within a short period of time.
- Only authorized personnel can unlock a user account within the lockdown period.
- Each login attempt is logged in a database log.
- Users who have not logged into the system for a period of at least 3 months are blocked.
- The application uses Windows Forms Authentication.
- All Event Managers must log in to the system using a unique username and password.
- All suppliers log in using a unique link with embedded username and password.
Once a user is logged in, an "Authentication Token" (AT) controls access to each part of our system.
On any request for a page or control, the system verifies that the AT has permission to see the requested content. If not, the user is immediately booted from the page or control and access is denied.
This ensures that:
- Users are only able to see Events from within their own company
- Suppliers are only able to see supplier information
Hosting & Backup are handled with special care as these are key to any successful IT environment.
Hosting is handled using up-to-date environments. We collaborate with a recognized hosting company which has several international data centres.
In all data centres there is physical admission control, redundant power supply, cooling and moisture control, fire security, fire alarms and fire-fighting equipment, and infrastructure surveillance.
To guarantee our clients a stable environment in all situations, we have prepaid our server hosting company 1 year in advance, and have paid bank guarantees securing support, hotline staff and system updates, also 1 year in advance.
We have policies on e.g. Data protection, Employee information, Hardware replacement, Computer disaster recovery, Home working computer security, Laptops, computers and servers malware protection, and Technology equipment disposal, to name a few.
The backup centre is physically located at a different facility than our main servers - this ensures we will never lose any data in case of a fire or another disaster.
All data centres, including our backup facilities, have physical admission control. An identification card and a special key card are required to get access to the server.
Management of the backup server is performed by Scanmarket's own staff. The system is monitored 24/7/365.
Disaster Recovery Planning & Business Continuity Planning
We understand that the company data in our system is the lifeline to your business. We strategically plan and prepare for any disaster recovery situation that could potentially happen.
Restore is carried out every day. Our ambition is to have a complete restore effected within 2 hours.
With Total Disaster Recovery, it is our ambition that the client can recommence working on a normal system within 24 hours, as well as access the data that was available at the latest scheduled backup prior to catastrophic failure.
Quality Assurance and Penetration Tests
Before any changes are made in the eSourcing application, the complete change is verified by highly qualified Quality Assurance Personnel. The live environment is kept 100% separated from the test environment. This ensures the highest possible stability and security in the application.
On a regular basis, a penetration test is performed by nSense, a highly skilled security company, and any findings are corrected immediately. nSense is certified by the PCI Security Council as an Approved Scanning Vendor, Qualified Security Assessor and Payment Application Qualified Security Assessor.